In Social Zombies II: Your Friends Need More Brains, Tom Eston, Kevin Johnson and Robin Wood continue the Zombie invasion from "Social Zombies: Your Friends want to eat Your Brains" presented at DEFCON 17. This presentation will further examine the risks of social networks and then present new techniques and tools that can be used to exploit these issues. This presentation begins by discussing new twists on existing privacy concerns that are caused by the trust mass that is social networks. We use this privacy confusion to exploit members and their companies during our penetration tests. The presentation then discusses social network botnets and bot programs. Both the delivery of malware through social networks and the use of these social networks as command and control channels will be examined. Tom, Kevin and Robin next explore the use of browser-based bots and their delivery through custom social network applications and show new ways social network applications can be used for malware delivery. Finally, the information available through the social network APIs is explored using third-party applications designed for penetration testing. This allows for complete coverage of the targets and their information.
Tom Eston is a penetration tester for a Fortune 500 financial services organization. Tom focuses his research on the security of social media. Tom is also a security blogger and co-host of the Security Justice podcast. Kevin Johnson is a Senior Security Analyst with InGuardians. He has many years of experience performing security services for Fortune 100 companies, and leads a large number of open source security projects including BASE and SamuraiWTF. Kevin is also an instructor for SANS. Robin Wood is a freelance developer, pentester and regular open source contributor whose projects include Jasager, the Interceptor and KreiosC2.